It seems that the official supported Ambari (which works/supported/provided as rpm/tested by Apache bigtop is 2.7.5).
Also after i managed to build Ambari 2.7.7 with too much effort and hacking, it failed to create a cluster using Bigtop 3.2 repo. So i wonder if anyone is using Ambari 2.7.7 in production or even managed to run a cluster on it? Sent using https://www.zoho.com/mail/ ---- On Mon, 10 Jul 2023 17:32:27 +0330 Brahma Reddy Battula <bra...@apache.org> wrote --- Affected versions: - Apache Ambari 2.7.0 through 2.7.6 Description: SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. Credit: rg <mailto:18993610...@163.com> (finder) References: https://ambari.apache.org/ https://www.cve.org/CVERecord?id=CVE-2022-45855 --------------------------------------------------------------------- To unsubscribe, e-mail: mailto:user-unsubscr...@ambari.apache.org For additional commands, e-mail: mailto:user-h...@ambari.apache.org
